You’ve probably never heard of axios. But if your business uses any modern website, web app, booking system, or client portal, axios almost certainly runs somewhere in the background. It’s a networking tool that helps apps communicate over the internet — trusted, invisible, and used by over 100 million projects every single week.
Today, attackers turned that trust into a weapon.
Hackers compromised the npm account of axios’s lead developer and published two poisoned versions containing a hidden dependency called plain-crypto-js. The moment any developer ran a routine update during the attack window, a Remote Access Trojan was silently dropped — then deleted all evidence of itself.
⚠️ Critical Alert
Malicious versions: axios@1.14.1 and axios@0.30.4 — live between 00:21 and 03:29 UTC on March 31, 2026. Any machine that ran npm install during this window should be treated as fully compromised.
Weekly Downloads
100M+
Attack Window
~3 hours
Platforms Targeted
Win/Mac/Linux
Safe Versions
1.14.0 / 0.30.3
If you or your developer ran any software updates today, run this in Terminal (Mac/Linux):
npm list axios
On Windows PowerShell:
npm list axios -g
This attack didn’t target Fortune 500 companies. It targeted the invisible infrastructure every small business web app quietly depends on. Having IT support that monitors threats around the clock is the difference between a 10-minute audit and a months-long breach investigation.
Digital Evolutions provides 24/7 proactive IT security and monitoring for small businesses in Las Vegas and beyond. No business hours. No waiting until Monday. Real protection when it counts.
Get a Free Security Consultation